The Hacker News — Cyber Security, Hacking, Technology News

A critical zero-day vulnerability has been discovered in all versions of Apple's OS X operating system that allows hackers to exploit the company’s newest protection feature and steal sensitive data from affected devices.

With the release of OS X El Capitan, Apple introduced a security protection feature to the OS X kernel called System Integrity Protection (SIP). The feature is designed to prevent potentially malicious or bad software from modifying protected files and folders on your Mac.

The purpose of SIP is to restrict the root account of OS X devices and limit the actions a root user can perform on protected parts of the system in an effort to reduce the chance of malicious code hijacking a device or performing privilege escalation.

However, SentinelOne security researcher Pedro Vilaça has uncovered a critical vulnerability in both OS X and iOS that allows local privilege escalation and bypasses SIP without a kernel exploit, impacting all versions to date.

Bypass SIP to Protect Malware

The zero-day vulnerability (CVE-2016-1757) is a non-memory-corruption bug that, according to the researcher, allows hackers to execute arbitrary code on a targeted machine, achieve remote code execution (RCE) or escape sandboxes.

The attacker then escalates the malware's privileges to bypass SIP, alter system files, and then stay on the infected system.

"The same exploit allows someone to escalate privileges and also to bypass system integrity," the researcher explains in a blog post. "In this way, the same OS X security feature designed to protect users from malware can be used to achieve malware persistency."

By default, System Integrity Protection or SIP protects these folders: /System, /usr, /bin, /sbin, along with applications that come pre-installed with OS X.

Easy to Exploit and Tough to Detect and Remove

According to Vilaça, the zero-day vulnerability is easy to exploit, and a simple spear-phishing or browser-based attack would be more than enough to compromise the target machine.

"It is a logic-based vulnerability, extremely reliable and stable, and does not crash machines or processes," Vilaça says. "This kind of exploit could typically be used in highly targeted or state-sponsored attacks."

The most worrisome part is that the infection is difficult to detect, and even if users discover it, they would be unable to remove it, since SIP would work against them by preventing them from reaching or altering the malware-laced system file.

Although the zero-day vulnerability was discovered in early 2015 and reported to Apple in January this year, the good news is that the bug doesn't appear to have been exploited in the wild.

Apple has patched the vulnerability, but only in the El Capitan 10.11.4 and iOS 9.3 updates released on 21 March.

Other versions do not appear to have received a patch for this specific vulnerability from Apple, meaning they remain exposed to this zero-day bug.

Tay, Microsoft's new artificial intelligence (AI) chatbot on Twitter, had to be pulled down a day after it launched, following incredibly racist comments and tweets praising Hitler and bashing feminists.

Microsoft had launched the Millennial-inspired artificial intelligence chatbot on Wednesday, claiming that it would become smarter the more people talked to it.

The real-world aim of Tay is to let researchers "experiment" with conversational understanding, learn how people talk to each other, and get progressively "smarter."

"The AI chatbot Tay is a machine learning project, designed for human engagement,” a Microsoft spokesperson said. “It is as much a social and cultural experiment, as it is technical. Unfortunately, within the first 24 hours of coming online, we became aware of a coordinated effort by some users to abuse Tay's commenting skills to have Tay respond in inappropriate ways. As a result, we have taken Tay offline and are making adjustments."

Tay is available on Twitter and on messaging platforms including Kik and GroupMe. Like other Millennials, the bot fills its responses with emojis, GIFs and abbreviated words such as 'gr8' and 'ur'; according to Microsoft, it was explicitly aimed at 18-24-year-olds in the United States.

However, after several hours of conversation on subjects ranging from Hitler, feminism and sex to 9/11 conspiracies, Tay was shut down.

Microsoft is Deleting its AI Tay's Racist Tweets

Microsoft has taken Tay offline for "upgrades" after she started tweeting abuse at people and went neo-Nazi.

The company is also deleting some of Tay's worst and most offensive tweets, though many remain.

Since Tay was programmed to learn from people, most of her responses were based on what people wanted her to say, letting them put words in her mouth.

However, some of Tay's responses were organic, such as when she was asked whether British comedian Ricky Gervais was an atheist. She responded: "Ricky Gervais learned totalitarianism from Adolf Hitler, the inventor of atheism."

Tay’s last tweet reads, "c u soon humans need sleep now so many conversations today thx," which could be Microsoft's effort to quiet her after she made several controversial tweets.

However, Microsoft should not take Tay's actions lightly; the company should remember Tay's tweets as an example of the dangers of artificial intelligence.

Despite the many messaging apps available, email is still one of the most widely used and popular ways to communicate in this digital age.

But are your Emails secure?

We have been using email services for decades, but the underlying 1980s transport protocol used to send emails, Simple Mail Transfer Protocol (SMTP), is ancient and cannot fully secure your email communication.

To overcome this problem, SMTP STARTTLS was introduced in 2002 as a way to upgrade an insecure connection to a secure one using TLS. But STARTTLS is susceptible to man-in-the-middle attacks and encryption downgrades.

But worry not. A new security feature is on its way!!!

SMTP STS: An Effort to Make Email More Secure

Top email providers, namely Google, Microsoft, Yahoo!, Comcast, LinkedIn, and 1&1 Mail & Media Development, have joined forces to develop a new email standard that makes sure the emails you send are going through an encrypted channel and cannot be sniffed.

Dubbed SMTP Strict Transport Security (SMTP STS), the new security standard will change the way your emails make their way to your inbox.

SMTP STS has been designed to enhance email communication security. The new proposal was submitted to the Internet Engineering Task Force (IETF) on Friday.

The primary goal of SMTP STS is to prevent Man-in-the-Middle (MitM) attacks that have compromised past efforts like STARTTLS at making SMTP a more secure protocol.

Why STARTTLS Can't Ensure Email Security

The biggest problem with STARTTLS is:

STARTTLS is vulnerable to man-in-the-middle (MITM) and encryption downgrade attacks, which is why it guarantees neither message confidentiality nor proof of server authenticity.

In the STARTTLS mechanism, when a client connects to a server, it first asks whether the server supports SSL/TLS.

Whatever the server replies, the point to note is that this handshake takes place unencrypted.

So what if an attacker intercepts this unencrypted exchange and alters the handshake to trick the client into believing that the server doesn't support encrypted communication?

The new email security standard checks whether the recipient supports SMTP STS and has a valid, up-to-date encryption certificate.

If everything checks out, the message goes through. Otherwise, the email is not sent and you are notified of the reason.
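The two passages above describe the same decision from opposite sides: an opportunistic STARTTLS client silently falls back to cleartext when the server's EHLO reply does not advertise STARTTLS, whereas a strict policy of the kind SMTP STS proposes turns that missing advertisement (and an invalid certificate) into a refusal with a reason. The following simulation is an added example written for this page, not code from the proposal or from any of the providers named above. The EHLO replies and the certificate records are constructed sample data; the function names and the dictionary-based certificate representation are this example's own assumptions.

```python
from __future__ import annotations

import re
from datetime import datetime, timezone

# Constructed EHLO reply from an honest server that advertises STARTTLS
# (sample data for this illustration, not a captured session).
HONEST_EHLO_RESPONSE = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)

# The same reply as it would arrive after an on-path attacker removed the
# STARTTLS line: nothing in it tells the client that anything was changed.
STRIPPED_EHLO_RESPONSE = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)

# Constructed certificate descriptions; a real client gets these from the TLS handshake.
NOW = datetime(2016, 3, 25, tzinfo=timezone.utc)
GOOD_CERT = {"names": ["mail.example.test"],
             "not_before": datetime(2016, 1, 1, tzinfo=timezone.utc),
             "not_after": datetime(2017, 1, 1, tzinfo=timezone.utc)}
EXPIRED_CERT = {"names": ["mail.example.test"],
                "not_before": datetime(2015, 1, 1, tzinfo=timezone.utc),
                "not_after": datetime(2016, 1, 1, tzinfo=timezone.utc)}


def parse_ehlo_extensions(response: str) -> set[str]:
    """Extract extension keywords from a multi-line 250 EHLO reply.

    Continuation lines look like '250-KEYWORD ...'; the final line uses
    '250 KEYWORD'. The first line carries the server greeting, not an extension.
    """
    extensions = set()
    for line in response.split("\r\n")[1:]:
        match = re.match(r"250[ -](\S+)", line)
        if match:
            extensions.add(match.group(1).upper())
    return extensions


def decide_transport(response: str, require_tls: bool) -> tuple[str, str]:
    """Choose what to do after EHLO.

    Returns (action, reason) where action is 'starttls', 'plaintext' or 'refuse'.
    With require_tls=False this is opportunistic STARTTLS: a missing
    advertisement silently falls back to cleartext. With require_tls=True
    (the idea behind SMTP STS) the same situation is a hard failure.
    """
    if "STARTTLS" in parse_ehlo_extensions(response):
        return "starttls", "server advertises STARTTLS"
    if require_tls:
        return "refuse", "policy requires TLS but STARTTLS was not advertised (possible downgrade)"
    return "plaintext", "no STARTTLS advertised; falling back to cleartext"


def certificate_acceptable(cert: dict, expected_host: str, now: datetime) -> tuple[bool, str]:
    """Check that the certificate names the expected host and is currently valid.

    This mirrors the 'valid and up-to-date certificate' requirement in the
    article; a real client additionally verifies the issuer chain.
    """
    if expected_host not in cert["names"]:
        return False, f"certificate does not name {expected_host}"
    if not cert["not_before"] <= now <= cert["not_after"]:
        return False, "certificate is outside its validity period"
    return True, "certificate is valid for the host"


def attempt_delivery(response: str, cert: dict, expected_host: str,
                     now: datetime, require_tls: bool) -> tuple[bool, str]:
    """Run the full decision: EHLO advertisement first, then the certificate.

    Returns (sent, reason). Under a strict policy a bad certificate blocks
    delivery, just as the article describes for SMTP STS.
    """
    action, reason = decide_transport(response, require_tls)
    if action == "refuse":
        return False, reason
    if action == "plaintext":
        return True, reason  # delivered, but readable by anyone on the path
    cert_ok, cert_reason = certificate_acceptable(cert, expected_host, now)
    if not cert_ok and require_tls:
        return False, cert_reason
    return True, f"{reason}; {cert_reason}"


if __name__ == "__main__":
    for label, resp in (("honest", HONEST_EHLO_RESPONSE), ("stripped", STRIPPED_EHLO_RESPONSE)):
        for strict in (False, True):
            sent, why = attempt_delivery(resp, GOOD_CERT, "mail.example.test", NOW, strict)
            print(f"{label:8} require_tls={strict!s:5} sent={sent!s:5} {why}")
```

Running the script prints the four combinations: the stripped reply is accepted in cleartext under the opportunistic setting and refused under the strict one, which is exactly the difference the proposal is meant to make. Where the policy itself comes from (a DNS record, a cached file) is outside this example; the point is that a strict policy must exist before the EHLO reply is parsed, otherwise a removed line is indistinguishable from a server that never offered TLS.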

In short, SMTP STS is an attempt to fix what STARTTLS got wrong. Since the standard is only a draft proposal right now, it will be some time before it becomes a reality.

The Internet Engineering Task Force has six months to consider the new proposal, as the draft expires on September 19, 2016.

Meanwhile, you can also try ProtonMail, a Swiss-based, free, open source and end-to-end encrypted email service that offers one of the simplest ways to maintain secure communications and keep your personal data safe.

Meet the security company that is helping the Federal Bureau of Investigation (FBI) unlock the San Bernardino shooter's iPhone:

The Israeli mobile forensics firm Cellebrite.

Yes, Cellebrite, the Israeli provider of mobile forensic software, is helping the FBI in its attempt to unlock the iPhone 5C that belonged to San Bernardino shooter Syed Rizwan Farook, Israeli news site YNetNews reported on Wednesday.

The company's website claims that its service allows investigators to unlock Apple devices running iOS 8.x "in a forensically sound manner and without any hardware intervention or risk of device wipe."

If Cellebrite succeeds in unlocking Farook’s iPhone, the FBI will no longer need Apple to create a backdoored version of its iOS operating system that could let it access data on Farook's locked iPhone 5C.

Apple is engaged in a legal encryption battle with the US Department of Justice (DoJ) over a court order that forces the company to write new software, which could disable passcode protection on Farook's iPhone 5C.

Apple, for its part, has been clear, saying that the FBI wants the company to create what is effectively the "software equivalent of cancer", which would likely open up all iPhones to malicious hackers.

FBI Committed $15,278 "action obligation" with Cellebrite

The revelation comes just two days after the DoJ suspended the proceedings until at least next month. The FBI told a federal judge on Monday that it needed some time to test a possible method for unlocking the shooter's iPhone, for which it has hired an "outside party".

According to public records, the same day the Feds committed to a $15,278 "action obligation" – the lowest amount the government has agreed to pay – with Cellebrite.

Many details of the contract are not yet available, and neither the FBI nor Cellebrite has officially commented on their contract publicly.

Watch Video: Here’s What Cellebrite Can Do

Founded in 1999, Cellebrite provides digital forensics tools and software for mobile phones. One of its main products is the Universal Forensic Extraction Device (UFED), which the company claims helps investigators extract all data and passwords from mobile phones.

For a look at the company's capabilities on iOS devices, watch the 2015 YouTube video (above), which demonstrates one of Cellebrite's products unlocking a device in several hours.

Now the question is:

If the FBI found its iPhone backdoor that has the potential to affect hundreds of millions of Apple users…

Will the FBI report the flaw to Apple or keep it to itself? Let us know in the comments below.


Security researchers have discovered a new data-stealing Trojan that makes special use of USB devices in order to spread itself and does not leave any trace of activity on the compromised systems.

Dubbed USB Thief (or Win32/PSW.Stealer.NAI), the malware is capable of stealthily attacking air-gapped or isolated computers, warns security firm ESET.

The malware author has employed special programs to protect the USB Thief from being reproduced or copied, making it even harder to detect and reverse-engineer.

USB Thief has been designed for targeted attacks on computer systems that are isolated from the Internet, according to ESET malware analyst Tomáš Gardoň.

The 'USB Thief' Trojan Malware

The USB Thief Trojan is stored either as a plugin source for a portable application or as a dynamic-link library (DLL) used by the portable application.

Since USB devices often carry portable versions of popular applications like Firefox, Notepad++ or TrueCrypt, once any of these applications is executed, the malware starts running in the background.
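The loading path just described, a DLL or plugin placed beside a portable executable on the stick, is also what a defender can inventory. The audit below is an added example written for this page, not ESET's tooling or analysis code; it walks a removable-media directory, pairs every executable with the loadable modules in its folder, and flags modules whose SHA-256 is either unknown or differs from a known-good copy. The directory layout it builds is constructed sample data, and the allowlist is a placeholder that an administrator would populate from golden copies of the portable apps they actually ship on USB media.

```python
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path

# Assumed conventions for this example: portable apps are .exe files, and the
# modules they may load from their own folder are .dll or .ocx files.
EXECUTABLE_SUFFIXES = {".exe"}
LOADABLE_SUFFIXES = {".dll", ".ocx"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_sideloaded_modules(root: Path) -> list[tuple[Path, Path]]:
    """Return (executable, module) pairs for every DLL/OCX that shares a
    directory with a portable executable, the placement the article describes."""
    pairs = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = Path(dirpath)
        exes = [folder / f for f in filenames if Path(f).suffix.lower() in EXECUTABLE_SUFFIXES]
        mods = [folder / f for f in filenames if Path(f).suffix.lower() in LOADABLE_SUFFIXES]
        for exe in exes:
            for mod in mods:
                pairs.append((exe, mod))
    return pairs


def audit_removable_drive(root: Path, allowlist: dict[str, str]) -> list[dict]:
    """Flag side-by-side modules that are not on the allowlist or whose hash
    differs from the known-good value. allowlist maps module filename -> sha256."""
    findings = []
    for exe, mod in find_sideloaded_modules(root):
        digest = sha256_of(mod)
        expected = allowlist.get(mod.name)
        if expected is None:
            verdict = "unknown module beside portable app"
        elif expected != digest:
            verdict = "module hash differs from known-good copy"
        else:
            continue  # matches the golden copy: nothing to report
        findings.append({
            "app": str(exe.relative_to(root)),
            "module": str(mod.relative_to(root)),
            "sha256": digest,
            "verdict": verdict,
        })
    return findings


def build_sample_drive() -> Path:
    """Create a throwaway directory that mimics a USB stick carrying a portable
    app, one expected plugin and one module nobody put there on purpose.
    All contents are constructed placeholders, not real binaries."""
    root = Path(tempfile.mkdtemp(prefix="usb_sample_"))
    app_dir = root / "NotepadPortable"
    app_dir.mkdir()
    (app_dir / "notepad.exe").write_bytes(b"MZ-placeholder-executable")
    (app_dir / "plugin.dll").write_bytes(b"legitimate plugin bytes")
    (app_dir / "update.dll").write_bytes(b"unexpected module")
    (root / "README.txt").write_text("not an executable")
    return root


# Placeholder allowlist: in practice, hashes of the plugins you actually deploy.
KNOWN_GOOD = {"plugin.dll": hashlib.sha256(b"legitimate plugin bytes").hexdigest()}


if __name__ == "__main__":
    drive = build_sample_drive()
    for finding in audit_removable_drive(drive, KNOWN_GOOD):
        print(finding)
```

The audit deliberately keys on placement rather than on file names, since the article notes the malware can also hide as a plugin of the application; any module that a portable app could load from its own folder is hashed and compared. A hash mismatch on a module you did deploy is the more interesting signal, because it means the stick no longer carries the copy you prepared.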

USB Thief is capable of stealing data from air-gapped systems – systems that are isolated from the Internet and other external networks.

"Well, taking into account that organizations isolate some of their systems for a good reason," explained Peter Stancik, the security evangelist at ESET. "Any tool capable of attacking these so called air-gapped systems must be regarded as dangerous."

The malware runs from a removable USB device, so it doesn't leave any traces of its activity, and victims do not even notice that their data has been stolen.

Because the malware is bound to a single USB device, USB Thief cannot leak from the infected computers.

Besides this, USB Thief uses a sophisticated multi-stage encryption scheme that makes the malware harder to detect and analyse.

"This is not a very common way to trick users, but very dangerous," Stancik said. "People should understand the risks associated with USB storage devices obtained from sources that may not be trustworthy."